9.0.0 fails to install on new GKE cluster #1360

Closed
cober opened this issue Feb 26, 2019 · 1 comment

cober commented Feb 26, 2019

We have seen some issues while trying to upgrade voyager from 8.0.1 to 9.0.0. After some investigation we decided to spin up a new cluster and try to install it via the bash script, and it fails on RBAC.

Master version
1.11.7-gke.6

Edins-MacBook-Pro:ingress cober$ curl -fsSL https://raw.githubusercontent.com/appscode/voyager/9.0.0/hack/deploy/voyager.sh \
>     | bash -s -- --provider=gke
checking kubeconfig context
gke_xite-cms_europe-west1-d_voyager-rbac

Downloading onessl ...
checking whether extended apiserver feature is enabled

VOYAGER_BYPASS_VALIDATING_WEBHOOK_XRAY=false
VOYAGER_CLOUD_CONFIG=
VOYAGER_CLOUD_PROVIDER=gke
VOYAGER_DOCKER_REGISTRY=appscode
VOYAGER_ENABLE_ANALYTICS=true
VOYAGER_ENABLE_RBAC=true
VOYAGER_ENABLE_STATUS_SUBRESOURCE=true
VOYAGER_ENABLE_VALIDATING_WEBHOOK=true
VOYAGER_HAPROXY_IMAGE_TAG=1.9.2-9.0.0-alpine
VOYAGER_IMAGE_PULL_POLICY=IfNotPresent
VOYAGER_IMAGE_PULL_SECRET=
VOYAGER_IMAGE_TAG=9.0.0
VOYAGER_INGRESS_CLASS=voyager
VOYAGER_NAMESPACE=kube-system
VOYAGER_PRIORITY_CLASS=system-cluster-critical
VOYAGER_PURGE=0
VOYAGER_RESTRICT_TO_NAMESPACE=false
VOYAGER_ROLE_TYPE=ClusterRole
VOYAGER_RUN_ON_MASTER=0
VOYAGER_SERVICE_ACCOUNT=voyager-operator
VOYAGER_TEMPLATE_CONFIGMAP=
VOYAGER_UNINSTALL=0
VOYAGER_USE_KUBEAPISERVER_FQDN_FOR_AKS=true
VOYAGER_WEBHOOK_SIDE_EFFECTS=

Wrote ca certificates in  /Users/cober/edin/ingress
Wrote server certificates in  /Users/cober/edin/ingress
deployment.apps/voyager-operator created
secret/voyager-apiserver-cert created
service/voyager-operator created
serviceaccount/voyager-operator created
clusterrolebinding.rbac.authorization.k8s.io/voyager-operator reconciled
clusterrolebinding.rbac.authorization.k8s.io/voyager-operator reconciled
rolebinding.rbac.authorization.k8s.io/voyager-apiserver-extension-server-authentication-reader reconciled
clusterrolebinding.rbac.authorization.k8s.io/voyager-apiserver-auth-delegator reconciled
Error from server (Forbidden): clusterroles.rbac.authorization.k8s.io "voyager-operator" is forbidden: attempt to grant extra privileges: [{[*] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[get] [apiregistration.k8s.io] [apiservices] [] []} {[patch] [apiregistration.k8s.io] [apiservices] [] []} {[delete] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []} {[get] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []} {[list] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []} {[watch] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []} {[patch] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []} {[list] [voyager.appscode.com] [*] [] []} {[list] [] [nodes] [] []} {[watch] [] [nodes] [] []} {[get] [] [nodes] [] []} {[get] [] [namespaces] [] []} {[list] [] [namespaces] [] []} {[watch] [] [namespaces] [] []}] user=&{edin@xite.com  [system:authenticated] map[user-assertion.cloud.google.com:[AKUJVpk5BqK4rkGusht899a+jyKg6qMqX3wmgqJbXwCku9J6wFRiwhqhjOOYWtnp3wjxP5JRgC/G9frWGLTZhyIV5z2WtVkUu6vLlAkmWViTMaC5GIoDHB++3l1/EieZp+EONana7TZVrftKgjuXqEJCKRKQEqRhKuKLuVOZEvzP4teN+39Hp/zMo631KLlba6oFNHKYvl03pqzAPayEJIURzSuhVew=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): clusterroles.rbac.authorization.k8s.io "voyager-operator" is forbidden: attempt to grant extra privileges: [{[*] [voyager.appscode.com] [*] [] []} {[*] [monitoring.coreos.com] [servicemonitors] [] []} {[*] [apps] [daemonsets] [] []} {[*] [apps] [deployments] [] []} {[*] [apps] [replicasets] [] []} {[*] [extensions] [ingresses] [] []} {[*] [] [replicationcontrollers] [] []} {[*] [] [services] [] []} {[*] [] [endpoints] [] []} {[*] [] [configmaps] [] []} {[get] [] [secrets] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []} {[create] [] [secrets] [] []} {[update] [] [secrets] [] []} {[patch] [] [secrets] [] []} {[create] [] [events] [] []} {[get] [] [pods] [] []} {[list] [] [pods] [] []} {[watch] [] [pods] [] []} {[delete] [] [pods] [] []} {[deletecollection] [] [pods] [] []} {[get] [] [serviceaccounts] [] []} {[create] [] [serviceaccounts] [] []} {[delete] [] [serviceaccounts] [] []} {[patch] [] [serviceaccounts] [] []} {[get] [rbac.authorization.k8s.io] [rolebindings] [] []} {[create] [rbac.authorization.k8s.io] [rolebindings] [] []} {[delete] [rbac.authorization.k8s.io] [rolebindings] [] []} {[patch] [rbac.authorization.k8s.io] [rolebindings] [] []} {[get] [rbac.authorization.k8s.io] [roles] [] []} {[create] [rbac.authorization.k8s.io] [roles] [] []} {[delete] [rbac.authorization.k8s.io] [roles] [] []} {[patch] [rbac.authorization.k8s.io] [roles] [] []}] user=&{edin@xite.com  [system:authenticated] map[user-assertion.cloud.google.com:[AKUJVpk5BqK4rkGusht899a+jyKg6qMqX3wmgqJbXwCku9J6wFRiwhqhjOOYWtnp3wjxP5JRgC/G9frWGLTZhyIV5z2WtVkUu6vLlAkmWViTMaC5GIoDHB++3l1/EieZp+EONana7TZVrftKgjuXqEJCKRKQEqRhKuKLuVOZEvzP4teN+39Hp/zMo631KLlba6oFNHKYvl03pqzAPayEJIURzSuhVew=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] 
ruleResolutionErrors=[]

@tamalsaha (Contributor)

You must be an admin of the cluster to install the operator. See here:
https://github.com/appscode/voyager/blob/master/docs/setup/install.md#installing-in-gke-cluster

cober closed this as completed Feb 27, 2019
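
The Forbidden errors in this thread come from the Kubernetes RBAC escalation check: each denied rule is printed as `{[verbs] [apiGroups] [resources] [resourceNames] [nonResourceURLs]}`, followed by the caller's own `ownerrules`. The following is an added example, not part of the original issue or the Voyager project; it parses such a line to show what the installer tried to grant versus what the caller holds. The sample line is constructed and shortened, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed, shortened sample in the same shape as the error in the issue.
SAMPLE = (
    'Error from server (Forbidden): clusterroles.rbac.authorization.k8s.io '
    '"voyager-operator" is forbidden: attempt to grant extra privileges: '
    '[{[*] [apiextensions.k8s.io] [customresourcedefinitions] [] []} '
    '{[get] [] [nodes] [] []} {[list] [] [nodes] [] []} '
    '{[get] [] [secrets] [] []} {[create] [] [secrets] [] []}] '
    'user=&{user@example.com  [system:authenticated] map[]} '
    'ownerrules=[{[create] [authorization.k8s.io] '
    '[selfsubjectaccessreviews selfsubjectrulesreviews] [] []} '
    '{[get] [] [] [] [/api /api/* /version]}] ruleResolutionErrors=[]'
)

# One printed PolicyRule: five bracketed, space-separated lists.
RULE = re.compile(r'\{\[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\]\}')
FIELDS = ("verbs", "apiGroups", "resources", "resourceNames", "nonResourceURLs")

def parse_rules(text):
    """Return every printed rule in text as a dict of string lists."""
    return [dict(zip(FIELDS, (g.split() for g in m.groups())))
            for m in RULE.finditer(text)]

def parse_escalation_error(line):
    """Split the error into (denied rules, rules the caller already holds)."""
    denied_part, _, rest = line.partition(" user=")
    denied_part = denied_part.partition("extra privileges: ")[2]
    owner_part = rest.partition("ownerrules=")[2]
    owner_part = owner_part.partition(" ruleResolutionErrors=")[0]
    return parse_rules(denied_part), parse_rules(owner_part)

def summarize(rules):
    """Group verbs by 'apiGroup/resource'; the empty group is shown as 'core'."""
    out = defaultdict(set)
    for r in rules:
        for group in r["apiGroups"] or [""]:
            for res in r["resources"]:
                out[f"{group or 'core'}/{res}"].update(r["verbs"])
    return {k: sorted(v) for k, v in out.items()}

if __name__ == "__main__":
    denied, owned = parse_escalation_error(SAMPLE)
    print("denied:", summarize(denied))
    print("caller holds:", summarize(owned))
```

When the caller's rules contain only self-review and discovery entries, as in the log above, the account has no cluster-level role binding, which matches the maintainer's answer.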